Optional zero-knowledge by const generic

halo2_gadgets/benches/poseidon.rs

@@ -32,6 +32,8 @@ use halo2_proofs::{
     transcript::{TranscriptReadBuffer, TranscriptWriterBuffer},
 };
 
+const ZK: bool = true;
+
 #[derive(Clone, Copy)]
 struct HashCircuit<S, const WIDTH: usize, const RATE: usize, const L: usize>
 where
@@ -204,8 +206,9 @@ fn bench_poseidon<S, const WIDTH: usize, const RATE: usize, const L: usize>(
     };
 
     // Initialize the proving key
-    let vk = keygen_vk(&params, &empty_circuit).expect("keygen_vk should not fail");
-    let pk = keygen_pk(&params, vk, &empty_circuit).expect("keygen_pk should not fail");
+    let vk = keygen_vk::<_, _, _, ZK>(&params, &empty_circuit).expect("keygen_vk should not fail");
+    let pk =
+        keygen_pk::<_, _, _, ZK>(&params, vk, &empty_circuit).expect("keygen_pk should not fail");
 
     let prover_name = name.to_string() + "-prover";
     let verifier_name = name.to_string() + "-verifier";
@@ -228,7 +231,7 @@ fn bench_poseidon<S, const WIDTH: usize, const RATE: usize, const L: usize>(
         b.iter(|| {
             // Create a proof
             let mut transcript = Blake2bWrite::<_, EqAffine, Challenge255<_>>::init(vec![]);
-            create_proof::<IPACommitmentScheme<_>, ProverIPA<_>, _, _, _, _>(
+            create_proof::<IPACommitmentScheme<_>, ProverIPA<_>, _, _, _, _, ZK>(
                 &params,
                 &pk,
                 &[circuit],
@@ -242,7 +245,7 @@ fn bench_poseidon<S, const WIDTH: usize, const RATE: usize, const L: usize>(
 
     // Create a proof
     let mut transcript = Blake2bWrite::<_, EqAffine, Challenge255<_>>::init(vec![]);
-    create_proof::<IPACommitmentScheme<_>, ProverIPA<_>, _, _, _, _>(
+    create_proof::<IPACommitmentScheme<_>, ProverIPA<_>, _, _, _, _, ZK>(
         &params,
         &pk,
         &[circuit],
@@ -257,7 +260,14 @@ fn bench_poseidon<S, const WIDTH: usize, const RATE: usize, const L: usize>(
         b.iter(|| {
             let strategy = SingleStrategy::new(&params);
             let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
-            assert!(verify_proof(&params, pk.get_vk(), strategy, &[&[]], &mut transcript).is_ok());
+            assert!(verify_proof::<_, _, _, _, _, ZK>(
+                &params,
+                pk.get_vk(),
+                strategy,
+                &[&[]],
+                &mut transcript
+            )
+            .is_ok());
         });
     });
 }

halo2_gadgets/benches/sha256.rs

@@ -29,6 +29,8 @@ use halo2_proofs::{
     transcript::{TranscriptReadBuffer, TranscriptWriterBuffer},
 };
 
+const ZK: bool = true;
+
 #[allow(dead_code)]
 fn bench(name: &str, k: u32, c: &mut Criterion) {
     #[derive(Default)]
@@ -106,8 +108,9 @@ fn bench(name: &str, k: u32, c: &mut Criterion) {
     let empty_circuit: MyCircuit = MyCircuit {};
 
     // Initialize the proving key
-    let vk = keygen_vk(&params, &empty_circuit).expect("keygen_vk should not fail");
-    let pk = keygen_pk(&params, vk, &empty_circuit).expect("keygen_pk should not fail");
+    let vk = keygen_vk::<_, _, _, ZK>(&params, &empty_circuit).expect("keygen_vk should not fail");
+    let pk =
+        keygen_pk::<_, _, _, ZK>(&params, vk, &empty_circuit).expect("keygen_pk should not fail");
 
     let circuit: MyCircuit = MyCircuit {};
 
@@ -128,7 +131,7 @@ fn bench(name: &str, k: u32, c: &mut Criterion) {
     let proof_path = Path::new("./benches/sha256_assets/sha256_proof");
     if File::open(&proof_path).is_err() {
         let mut transcript = Blake2bWrite::<_, _, Challenge255<_>>::init(vec![]);
-        create_proof::<IPACommitmentScheme<_>, ProverIPA<_>, _, _, _, _>(
+        create_proof::<IPACommitmentScheme<_>, ProverIPA<_>, _, _, _, _, ZK>(
             &params,
             &pk,
             &[circuit],
@@ -153,7 +156,7 @@ fn bench(name: &str, k: u32, c: &mut Criterion) {
             use halo2_proofs::poly::VerificationStrategy;
             let strategy = AccumulatorStrategy::new(&params);
             let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
-            let strategy = verify_proof::<IPACommitmentScheme<_>, VerifierIPA<_>, _, _, _>(
+            let strategy = verify_proof::<IPACommitmentScheme<_>, VerifierIPA<_>, _, _, _, ZK>(
                 &params,
                 pk.get_vk(),
                 strategy,

halo2_gadgets/src/ecc.rs

@@ -895,9 +895,11 @@ pub(crate) mod tests {
 
     #[test]
     fn ecc_chip() {
+        const ZK: bool = true;
+
         let k = 13;
         let circuit = MyCircuit { test_errors: true };
-        let prover = MockProver::run(k, &circuit, vec![]).unwrap();
+        let prover = MockProver::run::<_, ZK>(k, &circuit, vec![]).unwrap();
         assert_eq!(prover.verify(), Ok(()))
     }
 
@@ -906,13 +908,15 @@ pub(crate) mod tests {
     fn print_ecc_chip() {
         use plotters::prelude::*;
 
+        const ZK: bool = true;
+
         let root = BitMapBackend::new("ecc-chip-layout.png", (1024, 7680)).into_drawing_area();
         root.fill(&WHITE).unwrap();
         let root = root.titled("Ecc Chip Layout", ("sans-serif", 60)).unwrap();
 
         let circuit = MyCircuit { test_errors: false };
         halo2_proofs::dev::CircuitLayout::default()
-            .render(13, &circuit, &root)
+            .render::<_, _, _, ZK>(13, &circuit, &root)
             .unwrap();
     }
 }

halo2_gadgets/src/ecc/chip/mul_fixed/short.rs

@@ -403,6 +403,8 @@ pub mod tests {
         Ok(())
     }
 
+    const ZK: bool = true;
+
     #[test]
     fn invalid_magnitude_sign() {
         use crate::{
@@ -562,7 +564,7 @@ pub mod tests {
             ];
 
             for circuit in circuits.iter() {
-                let prover = MockProver::<pallas::Base>::run(11, circuit, vec![]).unwrap();
+                let prover = MockProver::<pallas::Base>::run::<_, ZK>(11, circuit, vec![]).unwrap();
                 circuit.magnitude_error.assert_if_known(|magnitude_error| {
                     assert_eq!(
                         prover.verify(),
@@ -620,7 +622,7 @@ pub mod tests {
                     .y()
             };
 
-            let prover = MockProver::<pallas::Base>::run(11, &circuit, vec![]).unwrap();
+            let prover = MockProver::<pallas::Base>::run::<_, ZK>(11, &circuit, vec![]).unwrap();
             assert_eq!(
                 prover.verify(),
                 Err(vec![

halo2_gadgets/src/poseidon/pow5.rs

@@ -711,9 +711,11 @@ mod tests {
 
     #[test]
     fn poseidon_permute() {
+        const ZK: bool = true;
+
         let k = 6;
         let circuit = PermuteCircuit::<OrchardNullifier, 3, 2>(PhantomData);
-        let prover = MockProver::run(k, &circuit, vec![]).unwrap();
+        let prover = MockProver::run::<_, ZK>(k, &circuit, vec![]).unwrap();
         assert_eq!(prover.verify(), Ok(()))
     }
 
@@ -810,6 +812,8 @@ mod tests {
 
     #[test]
     fn poseidon_hash() {
+        const ZK: bool = true;
+
         let rng = OsRng;
 
         let message = [Fp::random(rng), Fp::random(rng)];
@@ -822,12 +826,14 @@ mod tests {
             output: Value::known(output),
             _spec: PhantomData,
         };
-        let prover = MockProver::run(k, &circuit, vec![]).unwrap();
+        let prover = MockProver::run::<_, ZK>(k, &circuit, vec![]).unwrap();
         assert_eq!(prover.verify(), Ok(()))
     }
 
     #[test]
     fn poseidon_hash_longer_input() {
+        const ZK: bool = true;
+
         let rng = OsRng;
 
         let message = [Fp::random(rng), Fp::random(rng), Fp::random(rng)];
@@ -840,12 +846,14 @@ mod tests {
             output: Value::known(output),
             _spec: PhantomData,
         };
-        let prover = MockProver::run(k, &circuit, vec![]).unwrap();
+        let prover = MockProver::run::<_, ZK>(k, &circuit, vec![]).unwrap();
         assert_eq!(prover.verify(), Ok(()))
     }
 
     #[test]
     fn hash_test_vectors() {
+        const ZK: bool = true;
+
         for tv in crate::poseidon::primitives::test_vectors::fp::hash() {
             let message = [
                 pallas::Base::from_repr(tv.input[0]).unwrap(),
@@ -860,7 +868,7 @@ mod tests {
                 output: Value::known(output),
                 _spec: PhantomData,
             };
-            let prover = MockProver::run(k, &circuit, vec![]).unwrap();
+            let prover = MockProver::run::<_, ZK>(k, &circuit, vec![]).unwrap();
             assert_eq!(prover.verify(), Ok(()));
         }
     }
@@ -870,6 +878,8 @@ mod tests {
     fn print_poseidon_chip() {
         use plotters::prelude::*;
 
+        const ZK: bool = true;
+
         let root = BitMapBackend::new("poseidon-chip-layout.png", (1024, 768)).into_drawing_area();
         root.fill(&WHITE).unwrap();
         let root = root
@@ -882,7 +892,7 @@ mod tests {
             _spec: PhantomData,
         };
         halo2_proofs::dev::CircuitLayout::default()
-            .render(6, &circuit, &root)
+            .render::<_, _, _, ZK>(6, &circuit, &root)
             .unwrap();
     }
 }

halo2_gadgets/src/sha256/table16.rs

@@ -460,6 +460,8 @@ mod tests {
     };
     use halo2curves::pasta::pallas;
 
+    const ZK: bool = true;
+
     #[test]
     fn print_sha256_circuit() {
         use plotters::prelude::*;
@@ -509,7 +511,7 @@ mod tests {
 
         let circuit = MyCircuit {};
         halo2_proofs::dev::CircuitLayout::default()
-            .render::<pallas::Base, _, _>(17, &circuit, &root)
+            .render::<pallas::Base, _, _, ZK>(17, &circuit, &root)
             .unwrap();
     }
 }

halo2_gadgets/src/sha256/table16/compression.rs

@@ -947,6 +947,8 @@ mod tests {
     };
     use halo2curves::pasta::pallas;
 
+    const ZK: bool = true;
+
     #[test]
     fn compress() {
         struct MyCircuit {}
@@ -996,7 +998,7 @@ mod tests {
 
         let circuit: MyCircuit = MyCircuit {};
 
-        let prover = match MockProver::<pallas::Base>::run(17, &circuit, vec![]) {
+        let prover = match MockProver::<pallas::Base>::run::<_, ZK>(17, &circuit, vec![]) {
             Ok(prover) => prover,
             Err(e) => panic!("{:?}", e),
         };

halo2_gadgets/src/sha256/table16/message_schedule.rs

@@ -404,6 +404,8 @@ mod tests {
     };
     use halo2curves::pasta::pallas;
 
+    const ZK: bool = true;
+
     #[test]
     fn message_schedule() {
         struct MyCircuit {}
@@ -446,7 +448,7 @@ mod tests {
 
         let circuit: MyCircuit = MyCircuit {};
 
-        let prover = match MockProver::<pallas::Base>::run(17, &circuit, vec![]) {
+        let prover = match MockProver::<pallas::Base>::run::<_, ZK>(17, &circuit, vec![]) {
             Ok(prover) => prover,
             Err(e) => panic!("{:?}", e),
         };

halo2_gadgets/src/sha256/table16/spread_table.rs

@@ -295,6 +295,8 @@ mod tests {
     };
     use halo2curves::pasta::Fp;
 
+    const ZK: bool = true;
+
     #[test]
     fn lookup_table() {
         /// This represents an advice column at a certain row in the ConstraintSystem
@@ -439,7 +441,7 @@ mod tests {
 
         let circuit: MyCircuit = MyCircuit {};
 
-        let prover = match MockProver::<Fp>::run(17, &circuit, vec![]) {
+        let prover = match MockProver::<Fp>::run::<_, ZK>(17, &circuit, vec![]) {
             Ok(prover) => prover,
             Err(e) => panic!("{:?}", e),
         };

halo2_gadgets/src/sinsemilla.rs

@@ -731,9 +731,11 @@ pub(crate) mod tests {
 
     #[test]
     fn sinsemilla_chip() {
+        const ZK: bool = true;
+
         let k = 11;
         let circuit = MyCircuit {};
-        let prover = MockProver::run(k, &circuit, vec![]).unwrap();
+        let prover = MockProver::run::<_, ZK>(k, &circuit, vec![]).unwrap();
         assert_eq!(prover.verify(), Ok(()))
     }
 
@@ -742,14 +744,16 @@ pub(crate) mod tests {
     fn print_sinsemilla_chip() {
         use plotters::prelude::*;
 
+        const ZK: bool = true;
+
         let root =
             BitMapBackend::new("sinsemilla-hash-layout.png", (1024, 7680)).into_drawing_area();
         root.fill(&WHITE).unwrap();
         let root = root.titled("SinsemillaHash", ("sans-serif", 60)).unwrap();
 
         let circuit = MyCircuit {};
         halo2_proofs::dev::CircuitLayout::default()
-            .render(11, &circuit, &root)
+            .render::<_, _, _, ZK>(11, &circuit, &root)
             .unwrap();
     }
 }

halo2_gadgets/src/sinsemilla/merkle.rs

@@ -357,6 +357,8 @@ pub mod tests {
 
     #[test]
     fn merkle_chip() {
+        const ZK: bool = true;
+
         let mut rng = OsRng;
 
         // Choose a random leaf and position
@@ -376,7 +378,7 @@ pub mod tests {
             merkle_path: Value::known(path.try_into().unwrap()),
         };
 
-        let prover = MockProver::run(11, &circuit, vec![]).unwrap();
+        let prover = MockProver::run::<_, ZK>(11, &circuit, vec![]).unwrap();
         assert_eq!(prover.verify(), Ok(()))
     }
 
@@ -385,14 +387,16 @@ pub mod tests {
     fn print_merkle_chip() {
         use plotters::prelude::*;
 
+        const ZK: bool = true;
+
         let root = BitMapBackend::new("merkle-path-layout.png", (1024, 7680)).into_drawing_area();
         root.fill(&WHITE).unwrap();
         let root = root.titled("MerkleCRH Path", ("sans-serif", 60)).unwrap();
 
         let circuit = MyCircuit::default();
         halo2_proofs::dev::CircuitLayout::default()
             .show_labels(false)
-            .render(11, &circuit, &root)
+            .render::<_, _, _, ZK>(11, &circuit, &root)
             .unwrap();
     }
 }

halo2_gadgets/src/utilities.rs

@@ -312,15 +312,17 @@ mod tests {
             }
         }
 
+        const ZK: bool = true;
+
         for i in 0..8 {
             let circuit: MyCircuit<8> = MyCircuit(i);
-            let prover = MockProver::<pallas::Base>::run(3, &circuit, vec![]).unwrap();
+            let prover = MockProver::<pallas::Base>::run::<_, ZK>(3, &circuit, vec![]).unwrap();
             assert_eq!(prover.verify(), Ok(()));
         }
 
         {
             let circuit: MyCircuit<8> = MyCircuit(8);
-            let prover = MockProver::<pallas::Base>::run(3, &circuit, vec![]).unwrap();
+            let prover = MockProver::<pallas::Base>::run::<_, ZK>(3, &circuit, vec![]).unwrap();
             assert_eq!(
                 prover.verify(),
                 Err(vec![VerifyFailure::ConstraintNotSatisfied {